Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/go_3y1bgA8-3JogrkPCJfivjGfI.roa
File:                     go_3y1bgA8-3JogrkPCJfivjGfI.roa (raw, json)
Hash identifier:          sD0zwjqxa6jKAzdmYzjIQYsG/miMaGsajOJ2iWvOUZg=
Subject key identifier:   82:8F:F7:CB:56:E0:03:CF:B7:26:88:2B:90:F0:89:7E:2B:E3:19:F2
Certificate issuer:       /CN=e83a2cce9083e8c15a1d325cf48767559f92b623
Certificate serial:       01978C88C741272906A485ABA3C96B2D7639
Authority key identifier: E8:3A:2C:CE:90:83:E8:C1:5A:1D:32:5C:F4:87:67:55:9F:92:B6:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/go_3y1bgA8-3JogrkPCJfivjGfI.roa
Signing time:             Fri 20 Jun 2025 08:51:03 +0000
ROA not before:           Fri 20 Jun 2025 08:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34640
IP address blocks:        185.186.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:88:c7:41:27:29:06:a4:85:ab:a3:c9:6b:2d:76:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e83a2cce9083e8c15a1d325cf48767559f92b623
        Validity
            Not Before: Jun 20 08:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=828ff7cb56e003cfb726882b90f0897e2be319f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5b:e7:7f:87:ee:11:64:30:28:f6:a2:42:a4:
                    91:12:27:b2:a2:90:5b:11:c6:0d:af:f3:43:7d:0f:
                    8a:b5:bf:79:47:d4:63:54:48:93:40:24:ae:ac:3a:
                    a8:b5:ee:39:e3:96:73:66:84:f6:67:ba:4a:1a:d5:
                    8b:71:26:c5:bd:af:f1:38:cb:8d:f1:50:1b:4b:fd:
                    c3:1c:fb:5b:0c:6b:a0:0d:a6:f9:0c:55:1b:de:0b:
                    58:9d:d5:92:74:7e:65:1b:40:a7:4e:26:55:96:5f:
                    15:d2:46:6c:63:c4:63:89:42:37:a1:eb:a3:40:f5:
                    eb:04:a0:b7:08:72:6c:00:44:a2:71:3c:6e:b3:a9:
                    90:5a:63:4c:db:63:81:50:39:d7:45:67:86:b4:b0:
                    93:c9:91:fb:81:39:c4:d8:b5:59:f2:32:7c:4f:f4:
                    02:8f:6f:14:2e:a6:1a:c0:04:05:bb:55:18:03:44:
                    ef:30:a7:90:c4:b7:95:31:d7:8a:dc:19:fb:85:a8:
                    9c:30:0e:49:62:14:a0:4d:fb:54:14:1b:e7:37:cf:
                    a2:22:4f:18:09:b3:8e:0b:9a:5f:f9:cb:56:88:26:
                    8f:99:89:0e:fd:65:41:c1:88:de:da:ab:a6:3d:4c:
                    ce:74:93:66:6d:b5:0e:f0:7f:8d:17:52:b3:df:12:
                    2f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:8F:F7:CB:56:E0:03:CF:B7:26:88:2B:90:F0:89:7E:2B:E3:19:F2
            X509v3 Authority Key Identifier:
                keyid:E8:3A:2C:CE:90:83:E8:C1:5A:1D:32:5C:F4:87:67:55:9F:92:B6:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/go_3y1bgA8-3JogrkPCJfivjGfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:c0:c6:4c:04:f5:d3:b5:c7:c3:a0:69:ee:55:fb:82:1c:52:
         31:83:e1:1e:d4:5b:82:f2:53:de:0c:c8:7d:64:56:00:bb:34:
         c2:06:dd:1a:ab:e1:d1:0c:23:88:46:fd:23:ff:67:fe:0a:df:
         67:70:80:b5:c9:a5:7a:eb:06:d3:43:2e:66:19:8b:21:71:ca:
         82:a0:3e:d2:9b:5e:b4:92:92:c1:e1:9e:e7:12:d1:81:aa:95:
         bc:24:2a:af:34:51:12:13:ee:3c:68:57:5d:5a:d7:b0:80:33:
         ff:30:c4:9c:d7:ee:6c:41:5a:cc:b4:28:71:0d:5d:31:88:5d:
         82:0b:68:0e:ea:15:f4:d4:9f:90:06:2a:ac:86:c7:8e:5c:93:
         14:5a:7e:05:5f:5c:c4:e5:0d:f6:56:36:71:a8:42:36:03:36:
         93:0e:e1:5b:0d:a4:c4:72:c8:31:0a:bb:60:1c:be:6d:00:a5:
         06:9f:e9:9b:5b:20:df:1a:0e:d6:e2:3b:bf:a6:ff:62:e9:35:
         0a:de:4b:c3:4d:0d:39:06:26:c6:04:3e:7f:df:da:4b:15:a0:
         5c:6d:3f:6d:f7:d4:7d:84:5a:48:9f:a8:bd:b7:80:45:57:52:
         cf:72:fd:e6:79:26:f1:26:6a:dd:aa:26:3a:72:0b:0c:f1:62:
         85:0d:8d:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeMiMdBJykGpIWro8lrLXY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4M2EyY2NlOTA4M2U4YzE1YTFkMzI1Y2Y0ODc2NzU1OWY5
MmI2MjMwHhcNMjUwNjIwMDg1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjhmZjdjYjU2ZTAwM2NmYjcyNjg4MmI5MGYwODk3ZTJiZTMxOWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVvnf4fuEWQwKPaiQqSREieyopBb
EcYNr/NDfQ+Ktb95R9RjVEiTQCSurDqote4545ZzZoT2Z7pKGtWLcSbFva/xOMuN
8VAbS/3DHPtbDGugDab5DFUb3gtYndWSdH5lG0CnTiZVll8V0kZsY8RjiUI3oeuj
QPXrBKC3CHJsAESicTxus6mQWmNM22OBUDnXRWeGtLCTyZH7gTnE2LVZ8jJ8T/QC
j28ULqYawAQFu1UYA0TvMKeQxLeVMdeK3Bn7haicMA5JYhSgTftUFBvnN8+iIk8Y
CbOOC5pf+ctWiCaPmYkO/WVBwYje2qumPUzOdJNmbbUO8H+NF1Kz3xIvuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKP98tW4APPtyaIK5DwiX4r4xnyMB8GA1UdIwQY
MBaAFOg6LM6Qg+jBWh0yXPSHZ1WfkrYjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkRvc3pwQ0Q2TUZhSFRKYzlJZG5WWi1TdGlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lYjQyMmItYzc5ZS00ZmJlLWFlOGYt
MzU2M2Y5NTQzNDg3LzEvZ29fM3kxYmdBOC0zSm9ncmtQQ0pmaXZqR2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lYjQyMmItYzc5ZS00ZmJlLWFlOGYtMzU2M2Y5NTQzNDg3
LzEvNkRvc3pwQ0Q2TUZhSFRKYzlJZG5WWi1TdGlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuboFMA0G
CSqGSIb3DQEBCwUAA4IBAQCWwMZMBPXTtcfDoGnuVfuCHFIxg+Ee1FuC8lPeDMh9
ZFYAuzTCBt0aq+HRDCOIRv0j/2f+Ct9ncIC1yaV66wbTQy5mGYshccqCoD7Sm160
kpLB4Z7nEtGBqpW8JCqvNFESE+48aFddWtewgDP/MMSc1+5sQVrMtChxDV0xiF2C
C2gO6hX01J+QBiqshseOXJMUWn4FX1zE5Q32VjZxqEI2AzaTDuFbDaTEcsgxCrtg
HL5tAKUGn+mbWyDfGg7W4ju/pv9i6TUK3kvDTQ05BibGBD5/39pLFaBcbT9t99R9
hFpIn6i9t4BFV1LPcv3meSbxJmrdqiY6cgsM8WKFDY13
-----END CERTIFICATE-----